BusinessWeek is reporting that Microsoft's next release of Internet Explorer, version 7, will not be integrated into Windows. Breaking nearly ten years of tradition, Internet Explorer was always very tightly integrated into Windows, allowing users to do such things as launch a website directly from any Windows Explorer window, or save a live web page as the desktop wallpaper.

This just means that the OS no longer uses Trident (IE's rendering engine).

IE was never really "integrated" with Windows. It was always a separate app, it's just that Windows used Trident to render parts of the OS.

IE is still bundled with Vista. People can still use Trident in their own applications (and know that it is already shipped with the OS).

I did notice, though, that when you type a URL into Explorer, it no longer converts intself into IE, it opens up a IE in a separate window.

So many people have completely misunderstood how IE worked with the OS. IE was NEVER part of the kernel. It has always been a separate application.

This does not effect security in the slightest bit, it just allows the removal of IE without breaking parts of the OS (the help system, Windows Update, etc...), as these parts that used to rely on IE have been re-written so as to no longer require IE to be present.

But from the article: Security analysts have been telling Microsoft for a while ... Exploits that were found to exist in current versions of Internet Explorer, were used to attack the core operating system because of the tight integration.

So, unnamed "security analysts" say it does improve security, but "CPUGuy" says it does not.

The most impressive thing about IE is that it demonstrates that the most popular web client for the most popular desktop operating system can still appear to be magic. All they're really changing is shell integration. The components that make up IE are all going to be there and capable of being embedded.

Windows using IE does not all of a sudden make it more vulnerable. The reason the problem exsists (beyond IEs own security flaws) is because IE is bundled with Windows, and that bundling is still there.

Just because a "security analyst" says that it will improve security does not mean it will... and it won't.

What will improve security is how IE runs as an isolated process, in its own sandbox, in its own world. IE is not allowed to touch anything outside of IEs own folder. So when a security hole does arise, it can't actually do anything except mess up the IE directory (I think not even anything outside of the Temp Inet files dir).

So many people have completely misunderstood how IE worked with the OS. IE was NEVER part of the kernel. It has always been a separate application.

OS != kernel.

IE has always run as its own process in userspace. That's not the issue either.

IE the browser is a relatively small exe file that doesn't do all that much. All it does is load the individual components that provide the functionality and provide the interface to connect them.

The problem is with the IE components. They aren't all tossed in MSHTML.DLL or other similar DLL's. The functionality is spread somewhat randomly amongst files such as COMDLG.DLL (Common Dialogs) and other core Windows DLL's that have existed forever.

Microsoft's arguments in the antitrust case came down to saying "There's IE code in COMDLG.DLL, so we can't remove IE from the system or almost every program will stop working."

In the end, the issue comes down to where do you draw the line between IE code and OS code, and how much of it can be feasibly removed.

Add on top of that, IE being "integrated" isn't what caused the security debacle in XP. All apps had admin rights, so if Firefox had the same flaws, it would have been able to do the same thing, or any browser or app for that matter.

I don't think people truly understand what Microsoft meant by integrated.